From bcad233c5d6a7265a1a424dd64927adbfa4a247c Mon Sep 17 00:00:00 2001
From: Jeffery <jiantw83@yahoo.com>
Date: Fri, 6 Mar 2026 02:50:35 +0000
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20Service=EF=BC=9ADocker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Service%EF%BC%9ADocker.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 Service%EF%BC%9ADocker.md

diff --git a/Service%EF%BC%9ADocker.md b/Service%EF%BC%9ADocker.md
new file mode 100644
index 0000000..7804a95
--- /dev/null
+++ b/Service%EF%BC%9ADocker.md
@@ -0,0 +1,39 @@
+# 安裝 Docker
+
+```bash
+apt update && apt install -y docker.io docker-compose-v2
+```
+
+# 將 Docker 權限賦予目前的使用者
+
+```bash
+usermod -aG docker $USER
+```
+
+```bash
+newgrp docker
+```
+
+# 問題一
+
+(2015/12/05) PVE 的 CT 安裝後無法啟動容器
+
+```
+Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied
+```
+
+## 解決方法
+
+在 PVE 的 CT 設定檔中加上相容設定
+
+```
+nano /etc/pve/lxc/(CT ID).conf
+```
+
+加上以下內容
+
+```
+lxc.apparmor.profile: unconfined
+lxc.mount.entry: /dev/null sys/module/apparmor/parameters/enabled none bind 0 0
+lxc.mount.entry: /proc/sys/net/ipv4/ip_unprivileged_port_start proc/sys/net/ipv4/ip_unprivileged_port_start none bind 0 0
+```
\ No newline at end of file